<?xml version="1.0" encoding="ascii"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
          "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>esapi.reference.file_based_access_controller.FileBasedAccessController</title>
  <link rel="stylesheet" href="epydoc.css" type="text/css" />
  <script type="text/javascript" src="epydoc.js"></script>
</head>

<body bgcolor="white" text="black" link="blue" vlink="#204080"
      alink="#204080">
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
       bgcolor="#a0c0ff" cellspacing="0">
  <tr valign="middle">
  <!-- Home link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="esapi-module.html">Home</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Tree link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Index link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Help link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>

      <th class="navbar" width="100%"></th>
  </tr>
</table>
<table width="100%" cellpadding="0" cellspacing="0">
  <tr valign="top">
    <td width="100%">
      <span class="breadcrumbs">
        <a href="esapi-module.html">Package&nbsp;esapi</a> ::
        <a href="esapi.reference-module.html">Package&nbsp;reference</a> ::
        <a href="esapi.reference.file_based_access_controller-module.html">Module&nbsp;file_based_access_controller</a> ::
        Class&nbsp;FileBasedAccessController
      </span>
    </td>
    <td>
      <table cellpadding="0" cellspacing="0">
        <!-- hide/show private -->
        <tr><td align="right"><span class="options">[<a href="javascript:void(0);" class="privatelink"
    onclick="toggle_private();">hide&nbsp;private</a>]</span></td></tr>
        <tr><td align="right"><span class="options"
            >[<a href="frames.html" target="_top">frames</a
            >]&nbsp;|&nbsp;<a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html"
            target="_top">no&nbsp;frames</a>]</span></td></tr>
      </table>
    </td>
  </tr>
</table>
<!-- ==================== CLASS DESCRIPTION ==================== -->
<h1 class="epydoc">Class FileBasedAccessController</h1><p class="nomargin-top"><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController">source&nbsp;code</a></span></p>
<pre class="base-tree">
<a href="esapi.access_controller.AccessController-class.html">access_controller.AccessController</a> --+
                                     |
                                    <strong class="uidshort">FileBasedAccessController</strong>
</pre>

<hr />
<pre class="literalblock">

Reference implementation of the AccessController interface. This reference
implementation uses a simple model for specifying a set of access control
rules. Many organizations will want to create their own implementation of
the methods provided in the AccessController interface.

This reference implementation uses a simple scheme for specifying the
rules. The first step is to create a namespace for the resources being
accessed. For files and URL's, this is easy as they already have a 
namespace. Be extremely careful about canonicalizing when relying on
information from the user in an access control decision.

For functions, data, and services, you will have to come up with your own
namespace for the resources being accessed. You might simply define a flat
namespace with a list of category names. For example, you might specify
'FunctionA', 'FunctionB', and 'FunctionC'. Alternatively, you can create
a richer namespace with a hierarchical structure, such as:

    - /functions
        - purchasing
        - shipping
        - inventory
    - /admin
        - createUser
        - deleteUser
        
Once you've defined your namespace, you have to work out the rules that
govern access to the different parts of the namespace. This 
implementation allows you to attach a simple access control list (ACL) to
any part of the namespace tree. The ACL lists a set of roles that are
either allowed or denied access to a part of the tree. You specify these
rules in a text file with a simple format.

There is a single configuration file supporting each of the five methods
in the AccessController interface. These files are located in the ESAPI
resources directory. The use of a default deny rule is STRONGLY 
recommended. The file format is as follows:

   path          | role        | allow/deny | comment
---------------------------------------------------------------
 * /banking/*    | user,admin  | allow      | authenticated users can access /banking
 * /admin        | admin       | allow      | only admin role can access /admin
 * /             | any         | deny       | default deny rule

To find the matching rules, this implementation follows the general 
approach used in Java EE when matching HTTP requests to servlets in 
web.xml. The four mapping rules are used in the following order:

    - Exact match, e.g. /access/login
    - Longest path prefix match, beginning / and ending /*, e.g. /access/* or /*
    - Extension matching, beginning *., e.g. *.css
    - Default rule, specified by the single character pattern

@author: Craig Younkins (craig.younkins@owasp.org)

</pre>

<!-- ==================== INSTANCE METHODS ==================== -->
<a name="section-InstanceMethods"></a>
<table class="summary" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Instance Methods</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-InstanceMethods"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a name="__init__"></a><span class="summary-sig-name">__init__</span>(<span class="summary-sig-arg">self</span>)</span></td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.__init__">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#is_authorized_for_url" class="summary-sig-name">is_authorized_for_url</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">url</span>)</span><br />
      Checks if the account is authorized to access the referenced URL.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.is_authorized_for_url">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#is_authorized_for_function" class="summary-sig-name">is_authorized_for_function</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">function_name</span>)</span><br />
      Checks if the account is authorized to access the referenced 
      function.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.is_authorized_for_function">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#is_authorized_for_data" class="summary-sig-name">is_authorized_for_data</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">action</span>,
        <span class="summary-sig-arg">key</span>)</span><br />
      Checks if an account is authorized to access the data, referenced by 
      a key as a string.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.is_authorized_for_data">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#is_authorized_for_file" class="summary-sig-name">is_authorized_for_file</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">filepath</span>)</span><br />
      Checks if an account is authorized to access the referenced file.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.is_authorized_for_file">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#is_authorized_for_service" class="summary-sig-name">is_authorized_for_service</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">service_name</span>)</span><br />
      Checks if an account is authorized to access the referenced service.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.is_authorized_for_service">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#assert_authorized_for_url" class="summary-sig-name">assert_authorized_for_url</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">url</span>)</span><br />
      Checks if an account is authorized to access the referenced URL.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.assert_authorized_for_url">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#assert_authorized_for_function" class="summary-sig-name">assert_authorized_for_function</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">function_name</span>)</span><br />
      Checks if an account is authorized to access the referenced function.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.assert_authorized_for_function">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#assert_authorized_for_data" class="summary-sig-name">assert_authorized_for_data</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">action</span>,
        <span class="summary-sig-arg">key</span>)</span><br />
      Checks if the current user is authorized to access the referenced 
      data.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.assert_authorized_for_data">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#assert_authorized_for_file" class="summary-sig-name">assert_authorized_for_file</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">filepath</span>)</span><br />
      Checks if an account is authorized to access the referenced file.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.assert_authorized_for_file">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#assert_authorized_for_service" class="summary-sig-name">assert_authorized_for_service</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">service_name</span>)</span><br />
      Checks if an account is authorized to access the referenced service.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.assert_authorized_for_service">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#match_rule" class="summary-sig-name">match_rule</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">dictionary</span>,
        <span class="summary-sig-arg">key</span>,
        <span class="summary-sig-arg">action</span>=<span class="summary-sig-default">None</span>)</span><br />
      Checks to see if the current user has access to the specified data, 
      file, object, etc.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.match_rule">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#search_for_rule" class="summary-sig-name">search_for_rule</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">dictionary</span>,
        <span class="summary-sig-arg">roles</span>,
        <span class="summary-sig-arg">key</span>)</span><br />
      Search for the rule.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.search_for_rule">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#overlap" class="summary-sig-name">overlap</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">rule_roles</span>,
        <span class="summary-sig-arg">user_roles</span>)</span><br />
      This method returns True if there is overlap between the rule's rules
      and the user's roles.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.overlap">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#validate_roles" class="summary-sig-name">validate_roles</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">roles</span>)</span><br />
      Checks that the roles passed in contain only letters, numbers, and 
      underscores.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.validate_roles">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.file_based_access_controller.FileBasedAccessController-class.html#load_rules" class="summary-sig-name">load_rules</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">rule_file</span>)</span><br />
      Loads the access rules by storing them in a dictionary.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.load_rules">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
</table>
<!-- ==================== CLASS VARIABLES ==================== -->
<a name="section-ClassVariables"></a>
<table class="summary" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Class Variables</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-ClassVariables"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a name="URLACFILE"></a><span class="summary-name">URLACFILE</span> = <code title="'URLAccessRules.txt'"><code class="variable-quote">'</code><code class="variable-string">URLAccessRules.txt</code><code class="variable-quote">'</code></code>
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a name="FUNCTIONACFILE"></a><span class="summary-name">FUNCTIONACFILE</span> = <code title="'FunctionAccessRules.txt'"><code class="variable-quote">'</code><code class="variable-string">FunctionAccessRules.txt</code><code class="variable-quote">'</code></code>
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a name="DATAACFILE"></a><span class="summary-name">DATAACFILE</span> = <code title="'DataAccessRules.txt'"><code class="variable-quote">'</code><code class="variable-string">DataAccessRules.txt</code><code class="variable-quote">'</code></code>
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a name="FILEACFILE"></a><span class="summary-name">FILEACFILE</span> = <code title="'FileAccessRules.txt'"><code class="variable-quote">'</code><code class="variable-string">FileAccessRules.txt</code><code class="variable-quote">'</code></code>
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a name="SERVICEACFILE"></a><span class="summary-name">SERVICEACFILE</span> = <code title="'ServiceAccessRules.txt'"><code class="variable-quote">'</code><code class="variable-string">ServiceAccessRules.txt</code><code class="variable-quote">'</code></code>
    </td>
  </tr>
</table>
<!-- ==================== METHOD DETAILS ==================== -->
<a name="section-MethodDetails"></a>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Method Details</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-MethodDetails"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
</table>
<a name="is_authorized_for_url"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">is_authorized_for_url</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">url</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.is_authorized_for_url">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Checks if the account is authorized to access the referenced URL. 
  Generally, this method should be invoked in the application's controller 
  or a filter as follows:</p>
  <p>ESAPI.access_controller().is_authorized_for_url(request.url)</p>
  <p>The implementation of this method should call 
  assert_authorized_for_url(url), and if an AccessControlException is not 
  raised, this method should return true. This way, if the user is not 
  authorized, false would be returned, and the exception would be 
  logged.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>url</code></strong> - the url that the user should be checked for</li>
    </ul></dd>
    <dt>Returns:</dt>
        <dd>true, if the user is authorized for the url</dd>
    <dt>Overrides:
        <a href="esapi.access_controller.AccessController-class.html#is_authorized_for_url">access_controller.AccessController.is_authorized_for_url</a>
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="is_authorized_for_function"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">is_authorized_for_function</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">function_name</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.is_authorized_for_function">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Checks if the account is authorized to access the referenced 
  function.</p>
  <p>The implementation of this method should call 
  assert_authorized_for_function(function_name), and if an 
  AccessControlException is not thrown, this method should return true.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>function_name</code></strong> - the name of the function</li>
    </ul></dd>
    <dt>Returns:</dt>
        <dd>true, if the user is authorized for the function</dd>
    <dt>Overrides:
        <a href="esapi.access_controller.AccessController-class.html#is_authorized_for_function">access_controller.AccessController.is_authorized_for_function</a>
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="is_authorized_for_data"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">is_authorized_for_data</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">action</span>,
        <span class="sig-arg">key</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.is_authorized_for_data">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Checks if an account is authorized to access the data, referenced by a
  key as a string.</p>
  <p>The implementation of this method should call 
  assert_authorized_for_data(key), and if an AccessControlException is not 
  thrown, this method should return true.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>key</code></strong> - a string key identifying the referenced data</li>
    </ul></dd>
    <dt>Returns:</dt>
        <dd>true, if the user is authorized for the data</dd>
    <dt>Overrides:
        <a href="esapi.access_controller.AccessController-class.html#is_authorized_for_data">access_controller.AccessController.is_authorized_for_data</a>
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="is_authorized_for_file"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">is_authorized_for_file</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">filepath</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.is_authorized_for_file">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Checks if an account is authorized to access the referenced file.</p>
  <p>The implementation of this method should call 
  assert_authorized_for_file(filepath), and if an AccessControlException is
  not raised, this method should return true.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>filepath</code></strong> - the path of the file to be checked, including filename</li>
    </ul></dd>
    <dt>Returns:</dt>
        <dd>true, if the user is authorized for the file</dd>
    <dt>Overrides:
        <a href="esapi.access_controller.AccessController-class.html#is_authorized_for_file">access_controller.AccessController.is_authorized_for_file</a>
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="is_authorized_for_service"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">is_authorized_for_service</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">service_name</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.is_authorized_for_service">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Checks if an account is authorized to access the referenced service. 
  This can be used in applications that provide access to a variety of back
  end services.</p>
  <p>The implementations of this method should call 
  assert_authorized_for_service(service_name), and if an 
  AccessControlException is not thrown, this method should return true.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>service_name</code></strong> - the name of the service</li>
    </ul></dd>
    <dt>Returns:</dt>
        <dd>true, if the user is authorized for the service</dd>
    <dt>Overrides:
        <a href="esapi.access_controller.AccessController-class.html#is_authorized_for_service">access_controller.AccessController.is_authorized_for_service</a>
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="assert_authorized_for_url"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">assert_authorized_for_url</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">url</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.assert_authorized_for_url">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Checks if an account is authorized to access the referenced URL.</p>
  <p>Generally, this method should be invoked in the application's 
  controller or in a filter as follows:</p>
  <p>ESAPI.access_controller().assert_authorized_for_url(request.url)</p>
  <p>This method raises an AccessControlException if access is not 
  authorized, or if the referenced URL does not exist. If the user is 
  authorized, this method simply returns.</p>
  <p>The implementation should do the following:</p>
  <ul>
    <li>
      Check to see if the resource exists and if not, raise an 
      AccessControlException
    </li>
    <li>
      Use available information to make an access control decision
      <ul>
        <li>
          Ideally, this policy would be data driven
        </li>
        <li>
          You can use the current user, roles, data type, data name, time 
          of day, etc.
        </li>
        <li>
          Access control decisions must default to deny
        </li>
      </ul>
    </li>
    <li>
      If access is not permitted, raise an AccessControlException with 
      details.
    </li>
  </ul>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>url</code></strong> - the full url that the user is trying to access</li>
    </ul></dd>
    <dt>Raises:</dt>
    <dd><ul class="nomargin-top">
        <li><code><strong class='fraise'><a href="esapi.exceptions.AccessControlException-class.html">AccessControlException</a></strong></code> - if access is not permitted.</li>
    </ul></dd>
    <dt>Overrides:
        <a href="esapi.access_controller.AccessController-class.html#assert_authorized_for_url">access_controller.AccessController.assert_authorized_for_url</a>
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="assert_authorized_for_function"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">assert_authorized_for_function</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">function_name</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.assert_authorized_for_function">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Checks if an account is authorized to access the referenced function. 
  The implementation should define the function &quot;namespace&quot; to be
  enforced. Choosing something simple like the class name of action classes
  or menu item names will make this implementation easier to use.</p>
  <p>This method raises an AccessControlException if access is not 
  authorized, or if the referenced function does not exist. If the user is 
  authorized, this method simply returns.</p>
  <p>The implementation should do the following:</p>
  <ul>
    <li>
      Check to see if the function exists and if not, raise an 
      AccessControlException
    </li>
    <li>
      Use available information to make an access control decision
      <ul>
        <li>
          Ideally, this policy would be data driven
        </li>
        <li>
          You can use the current user, roles, data type, data name, time 
          of day, etc.
        </li>
        <li>
          Access control decisions must default to deny
        </li>
      </ul>
    </li>
    <li>
      If access is not permitted, raise an AccessControlException with 
      details.
    </li>
  </ul>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>function_name</code></strong> - the name of the function</li>
    </ul></dd>
    <dt>Raises:</dt>
    <dd><ul class="nomargin-top">
        <li><code><strong class='fraise'><a href="esapi.exceptions.AccessControlException-class.html">AccessControlException</a></strong></code> - if access is not permitted.</li>
    </ul></dd>
    <dt>Overrides:
        <a href="esapi.access_controller.AccessController-class.html#assert_authorized_for_function">access_controller.AccessController.assert_authorized_for_function</a>
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="assert_authorized_for_data"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">assert_authorized_for_data</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">action</span>,
        <span class="sig-arg">key</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.assert_authorized_for_data">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Checks if the current user is authorized to access the referenced 
  data. This method simply returns if access is authorized. It raises an 
  AccessControlException if access is not authorized, or if the referenced 
  data does not exist.</p>
  <p>The implementation should do the following:</p>
  <ul>
    <li>
      Check to see if the data exists and if not, raise an 
      AccessControlException
    </li>
    <li>
      Use available information to make an access control decision
      <ul>
        <li>
          Ideally, this policy would be data driven
        </li>
        <li>
          You can use the current user, roles, data type, data name, time 
          of day, etc.
        </li>
        <li>
          Access control decisions must default to deny
        </li>
      </ul>
    </li>
    <li>
      If access is not permitted, raise an AccessControlException with 
      details.
    </li>
  </ul>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>key</code></strong> - the name for the data</li>
    </ul></dd>
    <dt>Raises:</dt>
    <dd><ul class="nomargin-top">
        <li><code><strong class='fraise'><a href="esapi.exceptions.AccessControlException-class.html">AccessControlException</a></strong></code> - if access is not permitted.</li>
    </ul></dd>
    <dt>Overrides:
        <a href="esapi.access_controller.AccessController-class.html#assert_authorized_for_data">access_controller.AccessController.assert_authorized_for_data</a>
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="assert_authorized_for_file"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">assert_authorized_for_file</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">filepath</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.assert_authorized_for_file">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Checks if an account is authorized to access the referenced file. The 
  implementation should validate and canonicalize thte input to make sure 
  the filepath is not malicious.</p>
  <p>This method raises an AccessControlException if access is not 
  authorized, or if the referenced file does not exist. If the user is 
  authorized, this method simply returns.</p>
  <p>The implementation should do the following:</p>
  <ul>
    <li>
      Check to see if the file exists and if not, raise an 
      AccessControlException
    </li>
    <li>
      Use available information to make an access control decision
      <ul>
        <li>
          Ideally, this policy would be data driven
        </li>
        <li>
          You can use the current user, roles, data type, data name, time 
          of day, etc.
        </li>
        <li>
          Access control decisions must default to deny
        </li>
      </ul>
    </li>
    <li>
      If access is not permitted, raise an AccessControlException with 
      details.
    </li>
  </ul>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>filepath</code></strong> - path to the file to be checked.</li>
    </ul></dd>
    <dt>Raises:</dt>
    <dd><ul class="nomargin-top">
        <li><code><strong class='fraise'><a href="esapi.exceptions.AccessControlException-class.html">AccessControlException</a></strong></code> - if access is not permitted.</li>
    </ul></dd>
    <dt>Overrides:
        <a href="esapi.access_controller.AccessController-class.html#assert_authorized_for_file">access_controller.AccessController.assert_authorized_for_file</a>
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="assert_authorized_for_service"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">assert_authorized_for_service</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">service_name</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.assert_authorized_for_service">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Checks if an account is authorized to access the referenced service. 
  This can be used in applications that provide access to a variety of 
  backend services.</p>
  <p>This method raises an AccessControlException if access is not 
  authorized, or if the referenced service does not exist. If the user is 
  authorized, this method simply returns.</p>
  <p>The implementation should do the following:</p>
  <ul>
    <li>
      Check to see if the service exists and if not, raise an 
      AccessControlException
    </li>
    <li>
      Use available information to make an access control decision
      <ul>
        <li>
          Ideally, this policy would be data driven
        </li>
        <li>
          You can use the current user, roles, data type, data name, time 
          of day, etc.
        </li>
        <li>
          Access control decisions must default to deny
        </li>
      </ul>
    </li>
    <li>
      If access is not permitted, raise an AccessControlException with 
      details.
    </li>
  </ul>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>service_name</code></strong> - the service name</li>
    </ul></dd>
    <dt>Raises:</dt>
    <dd><ul class="nomargin-top">
        <li><code><strong class='fraise'><a href="esapi.exceptions.AccessControlException-class.html">AccessControlException</a></strong></code> - if access is not permitted.</li>
    </ul></dd>
    <dt>Overrides:
        <a href="esapi.access_controller.AccessController-class.html#assert_authorized_for_service">access_controller.AccessController.assert_authorized_for_service</a>
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="match_rule"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">match_rule</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">dictionary</span>,
        <span class="sig-arg">key</span>,
        <span class="sig-arg">action</span>=<span class="sig-default">None</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.match_rule">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Checks to see if the current user has access to the specified data, 
  file, object, etc. If the user has access, as specified by the dictionary
  parameter, this method returns True. If the user does not have access or 
  an exception is thrown, false is returned.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>dictionary</code></strong> - the map/dictionary containing the access rules</li>
        <li><strong class="pname"><code>key</code></strong> - the path of the requested file, url, object, etc.</li>
    </ul></dd>
    <dt>Returns:</dt>
        <dd>True, if the user has access. Otherwise, False.</dd>
  </dl>
</td></tr></table>
</div>
<a name="search_for_rule"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">search_for_rule</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">dictionary</span>,
        <span class="sig-arg">roles</span>,
        <span class="sig-arg">key</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.search_for_rule">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Search for the rule. Four mapping rules are used in order:</p>
  <ul>
    <li>
      Exact match, e.g. /access/login
    </li>
    <li>
      Longest path prefix match, beginning / and ending /*, e.g. /access/* 
      or /*
    </li>
    <li>
      Extension matching, beginning *., e.g. *.css
    </li>
    <li>
      Default rule, specified by the single character pattern
    </li>
  </ul>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>dictionary</code></strong> - the map containing the access rules</li>
        <li><strong class="pname"><code>roles</code></strong> - a list of roles the user has</li>
        <li><strong class="pname"><code>key</code></strong> - the file, url, object, etc. being checked for access</li>
    </ul></dd>
    <dt>Returns:</dt>
        <dd>the rule stating whether to allow or deny access</dd>
  </dl>
</td></tr></table>
</div>
<a name="overlap"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">overlap</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">rule_roles</span>,
        <span class="sig-arg">user_roles</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.overlap">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>This method returns True if there is overlap between the rule's rules 
  and the user's roles.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>rule_roles</code></strong> - the rule roles</li>
        <li><strong class="pname"><code>user_roles</code></strong> - the user roles</li>
    </ul></dd>
    <dt>Returns:</dt>
        <dd>True, if any roles exist in both lists. Otherwise, False.</dd>
  </dl>
</td></tr></table>
</div>
<a name="validate_roles"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">validate_roles</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">roles</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.validate_roles">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Checks that the roles passed in contain only letters, numbers, and 
  underscores. Also checks that roles are no more than 10 characters long. 
  If a role does not pass validation, it is not included in the list of 
  roles returned by this method. A log warning is also generated for any 
  invalid roles.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>roles</code></strong> - the list of roles to validate according to the criteria stated 
          above.</li>
    </ul></dd>
    <dt>Returns:</dt>
        <dd>a list of roles that are valid according to the criteria stated 
          above.</dd>
  </dl>
</td></tr></table>
</div>
<a name="load_rules"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">load_rules</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">rule_file</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.file_based_access_controller-pysrc.html#FileBasedAccessController.load_rules">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Loads the access rules by storing them in a dictionary. This method 
  reads the file specified by the rule_file parameter, ignoring any lines 
  that begin with the '#' character as comments. Sections of the access 
  rules file are split by the '|' character. The method loads all paths, 
  replacing '\\' characters with '/' for uniformity, then loads the list of
  comma separated roles. The roles are validated to be sure they are within
  the length and character set limitations specified in the validate_roles 
  method. Then the permissions are stored for each item in the rules 
  list.</p>
  <p>If the word 'allow' appears on the line, the specified roles are 
  granted access to the data - otherwise, they will be denied access.</p>
  <p>Each path may only appear once in the access rules file. Any entry, 
  after the first, containing the same path will be logged and ignored.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>rule_file</code></strong> - the name of the file that contains the access rules</li>
    </ul></dd>
    <dt>Returns:</dt>
        <dd>a dictionary mapping path -&gt; Rule object</dd>
  </dl>
</td></tr></table>
</div>
<br />
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
       bgcolor="#a0c0ff" cellspacing="0">
  <tr valign="middle">
  <!-- Home link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="esapi-module.html">Home</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Tree link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Index link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Help link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>

      <th class="navbar" width="100%"></th>
  </tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="100%%">
  <tr>
    <td align="left" class="footer">
    Generated by Epydoc 3.0.1 on Sun Nov  8 16:04:22 2009
    </td>
    <td align="right" class="footer">
      <a target="mainFrame" href="http://epydoc.sourceforge.net"
        >http://epydoc.sourceforge.net</a>
    </td>
  </tr>
</table>

<script type="text/javascript">
  <!--
  // Private objects are initially displayed (because if
  // javascript is turned off then we want them to be
  // visible); but by default, we want to hide them.  So hide
  // them unless we have a cookie that says to show them.
  checkCookie();
  // -->
</script>
</body>
</html>
